Etunimi Sukunimi - Theseus

53
PLC Virtualization and Software Defined Architec- tures in Industrial Control Systems Mikael Peltonen Bachelor’s Thesis August 2017 Mechanical and Production Engineering Machine Automation

Transcript of Etunimi Sukunimi - Theseus

PLC Virtualization and Software Defined Architec-

tures in Industrial Control Systems

Mikael Peltonen

Bachelor’s Thesis

August 2017

Mechanical and Production Engineering

Machine Automation

ACKNOWLEDGEMENTS

The completion of this thesis work could not have been possible without great support of

colleagues and fellow researchers, who have instructed me and helped me through steps

where my know-how has not been quite enough to proceed. That’s why I’d like to express

my thanks to people, who have assisted me with my thesis work.

The thesis work was accomplished at the Machine Solutions headquarters of Schneider

Electric in Marktheidenfeld, Germany. I’m supremely grateful for Schneider Electric of

the chance to work on my thesis in the company.

My special thanks to my supervisor Omid Givehchi, who’s expertise on IT has been truly

valuable. His case study [95] gave me a good overview on the topic of my research in the

beginning of my thesis work.

I would also like to express my very great appreciation to Cedric Vandendriessche, who

did a similar research on the topic in the Ghent University [68]. This thesis would have

perhaps had a bit different approach without the substantial support of Vandendriessche,

who provided me significant assistance on the topic.

Support provided by my colleagues Jyri Niinikoski, Alexander Kempf, Franz-Josef Kreb-

bers and Henry Krüger was greatly appreciated as well.

ABSTRACT

Tampereen ammattikorkeakoulu

Tampere University of Applied Sciences

Degree Programme in Mechanical and Production Engineering

Machine Automation

PELTONEN, MIKAEL

PLC Virtualization and Software Defined Architectures in Industrial Control Systems

Bachelor's thesis 53 pages, appendices 3 pages

August 2017

Today’s automation systems are going through a transition called Industry 4.0, referring

to the Fourth Industrial Revolution. New concepts, such as cyber-physical systems, mi-

croservices and Smart Factory are introduced. This brings up the question of how some

of these new technologies can be utilized in Industrial Control Systems. Machines and

production lines are nowadays controlled by hardware PLCs and this is considered as a

state-of-the-art solution. However, the market demands are continuously increasing and

pushing the industry e.g. to lower the operational costs and to develop more agile solu-

tions. Industry 4.0 provides promising approaches to take a step forward and consider

PLC virtualization.

The purpose of this thesis was to evaluate PLC virtualization possibilities using different

Software Defined Architectures. Requirements and benefits of different solutions were

evaluated. The major objective of the case study was to compare container- and hypervi-

sor-based virtualization solutions using Docker and KVM.

The case study provides a modular and scalable IIoT solution in which a virtual PLC

takes over the control instead of a hardware PLC. Node-RED was used as a runtime en-

vironment and an I/O-module was needed to set up a control loop test. Response time of

the control loop was measured by capturing Modbus traffic with tcpdump. Multiple iter-

ations were performed to show minimum, maximum, average, median and 90th pctl. la-

tencies.

The results indicate that the container-based solution has a smaller overhead than the hy-

pervisor-based solution and it has a very little overhead in general. Peak latencies are a

concern and even the average latencies show that this solution would not be suitable for

any hard real-time or safety-related applications.

Further investigation on the topic would be needed to estimate the actual potential of PLC

virtualization on hard real-time applications. First of all, a more powerful hardware PC

would be needed to perform such tests. Secondly, a faster industrial protocol than Modbus

TCP/IP would be required. Perhaps another kind of approach would be needed to over-

come the issues that were experienced in this case study. It would be interesting to test a

direct communication between virtual PLC and I/O and use Node-RED nodes for exam-

ple to trigger inputs. Anyhow, it seems that container-based solution is holding much

promise as a virtualization approach.

Key words: IIoT, Industry 4.0, PLC, virtualization, hypervisor, container

4

TABLE OF CONTENTS

1 Introduction ....................................................................................................... 6

2 Schneider Electric .............................................................................................. 8

2.1 Customers and market ............................................................................... 9

3 Software Defined Architectures ...................................................................... 10

3.1 SDA requirements .................................................................................... 11

3.2 SDA benefits ............................................................................................ 12

3.3 SDA technologies .................................................................................... 13

4 SDA approaches .............................................................................................. 14

4.1 Virtualization ........................................................................................... 14

4.2 Hypervisor-based virtualization ............................................................... 18

4.3 Container-based virtualization ................................................................. 20

4.4 SDN ......................................................................................................... 22

5 PLC virtualization ........................................................................................... 24

5.1 From classic automation pyramid to a more flexible model.................... 24

5.2 PLC virtualization advantages and question marks ................................. 25

6 Case Study ....................................................................................................... 28

6.1 Software and components ........................................................................ 28

6.1.1 Node-RED ..................................................................................... 28

6.1.2 OpenPLC ....................................................................................... 28

6.1.3 Docker ........................................................................................... 29

6.1.4 KVM and QEMU .......................................................................... 30

6.1.5 I/Os, SoMachine ............................................................................ 31

6.1.6 Modbus TCP/IP ............................................................................. 32

6.1.7 Industrial PC ................................................................................. 33

6.2 Setup ........................................................................................................ 33

6.2.1 Docker = Container-based virtualization ...................................... 36

6.2.2 KVM = hypervisor-based virtualization ....................................... 37

6.2.3 No virtualization............................................................................ 37

7 Results ............................................................................................................. 38

8 Conclusion ....................................................................................................... 41

8.1 ALC ......................................................................................................... 42

REFERENCES ...................................................................................................... 44

APPENDICES ...................................................................................................... 51

Attachment 1. Response time – Without virtualization .................................. 51

Attachment 2. Response time - Docker ........................................................... 52

Attachment 3. Response time - KVM ............................................................. 53

5

LIST OF ABBREVIATIONS

ALC App Logic Controller

CAPEX Capital expense

CPS Cyber-physical system

DCS Distributed control system

DevOps Software development & information technology operations

ERP Enterprise Resource Planning

HMI Human Machine Interface

ICS Industrial Control System

IIoT Industrial Internet of Things

IT Information Technology

KVM Kernel-based Virtual Machine

MES Manufacturing execution system

NFV Network Functions Virtualization

OPEX Operational expense

OS Operating System

OT Operational Technology

(v) PLC (virtual) Programmable Logic Controller

QEMU Quick Emulator

RTOS Real-Time Operating System

SCADA Supervisory Control and Data Acquisition

SDA Software Defined Architecture

SDN Software Defined Networking

VM Virtual Machine

VMM Virtual Machine Monitor

6

1 Introduction

The First Industrial revolution took its place from the 18th to 19th centuries, when new

manufacturing processes were invented [4]. Back then manufacturing was mainly de-

pendent on items produced by hand, but innovations in Great Britain enabled manufac-

turing by machines and better usage of water and steam power. These innovations gave

a burst to manufacturing, providing advantages like reducing production time signifi-

cantly. Innovation is the key to improve one’s business and innovation had naturally a

big role in the second and third industrial revolutions as well. The ongoing industrial

revolution is the Fourth Industrial Revolution, also called as Industry 4.0. The basic idea

of Industry 4.0 is the same than in other industrial revolutions: to improve one’s business

e.g. by reducing production time, lower the costs of the production materials, reduce the

amount of product and manufacturing defects and make the jobs easier for humans by

creating machines which can do the jobs on our behalf.

Figure 1. Industrial revolutions [5]

Industry 4.0 is the term for the ongoing industrial revolution. It originally refers to the

digitization of manufacturing, but in fact it also refers to the digitization of other indus-

tries like healthcare, logistics and oil and gas [3]. Often you hear about concepts like smart

factory, smart city or smart device. Industry 4.0 is about the Internet of Things (IoT),

cyber-physical systems (CPSs), convergence of Information Technology (IT) and Oper-

ation Technology (OT), cloud computing, machine learning and many other technologies

[5]. These technologies lead companies to new business models – others are willing to

take risks by deploying new technologies in an early phase, whereas others might be more

7

careful doing this. To overcome the threshold the industry needs innovations, lots of re-

search and several implementations.

To put it simply, Internet of Things is about connecting ”things” to the Internet. As an

example, you could use sensors to gather data from your water bottle, transfer the gath-

ered data to the cloud and access the data from a web browser. One might think, what

would we do with this data gathered from the water bottle? Naturally we don’t need to

connect everything to the Internet, but there are lots of cases where we can benefit from

the use of Industry 4.0 technologies. Especially the industry can benefit by using these

technologies and in this case, we would talk about Industrial Internet of Things (IIoT).

IIoT refers to the use of IoT technologies in manufacturing [6]. Smart factory applica-

tions, predictive and remote maintenance, industrial security systems and asset tracking

are example use cases of IIoT [7]. The biggest challenge of IIoT is cybersecurity, but

because that topic is a very complex topic of its own, it was out of scope of this thesis.

Since the late 1960s Programmable Logic Controllers (PLCs) are used in Industrial Con-

trol Systems (ICSs) to perform control functions. PLCs were developed in response to the

complex machine control with electromechanical relays. The aim was to develop control

systems more flexible, reduce machine downtime and perform logic functions with this

new device [8]. PLCs have indeed made their way to the factories and today they are seen

as state-of-the-art control devices. Since PLCs have been there for few decades, they have

achieved the reliability to control machinery even in safety-critical applications.

Thanks to the IT innovations, there are now different ways to lower operational costs by

use of virtualization (chapter 5.1) and cloud computing for example. The latest IT inno-

vations are already state-of-the-art solutions in the office and enterprise world, but it isn’t

as easy to deploy these technologies and solutions in the industrial applications, as the

requirements are typically high and the consequences of a system failure might be critical.

It’s questionable whether Industry 4.0 technologies are already so developed and reliable

that they could be of use in ICSs in which high requirements of determinism and real-

time computing have to be met. Anyways, manufacturers already benefit from Industry

4.0 technologies and the next step could be to try to virtualize the control plane and use

software rather than physical hardware in order to lower operational costs and have more

agile control environment. PLC virtualization, in other words using virtual PLCs (vPLCs)

could be the next step.

8

2 Schneider Electric

Schneider Electric is a French company with more than 180 years of history. At the time

of the Industrial Revolution in 1836, two brothers named Adolphe and Eugène Schneider

acquired the Creusot mines, forges and foundries and two years later the brothers founded

Schneider & Cie, focusing mainly on steel & heavy industry, railroads and ship building

[1]. In 1999 the company changed its name to Schneider Electric to emphasize company’s

expertise. Nowadays Schneider Electric is a global specialist in energy management and

automation with around 144 000 employees around the world [2].

Since 2000, Schneider Electric has its headquarters in Rueil-Malmaison, France. Cur-

rently Jean-Pascal Tricoire is the Chairman and Chief Executive Officer (CEO) of the

company. The company’s revenue in 2016 was 24.7 billion euros and 43% of the revenue

came from Building-segment (figure 2). 30 percent of all the employees are women and

thus Schneider Electric got CEO Leadership Award in 2015 by United Nations Women

and at the same time the company was awarded as a Global Compact as Champion for

Gender Equality. Green values are truly important for the company.

Figure 2. 2016 revenues by business [2]

9

2.1 Customers and market

Schneider Electric has a great variety of customers, starting from cities via all kind of

industry companies till consumers. The company offers industry solutions and automa-

tion and electrical devices for discrete and process manufacturing. This thesis was ac-

complished in the Machine Solutions headquarters in Marktheidenfeld, Germany. Ma-

chine Solutions provides motion control and safety solutions and products for different

customers globally, for example for hoisting, packaging, material handling or HVACR

(heating, ventilating, air condition and refrigeration) applications.

In the future Schneider Electric is going to invest in cities. The company is trying to build

urban cities with energy efficiency and infrastructure management. Smart grid, smart mo-

bility, intelligent and green buildings and renewable energy sources are the keys. At in-

dustry side Schneider Electric is a pioneer and a leading technology developer for Indus-

try 4.0.

Figure 3. Logo of Schneider Electric [2]

10

3 Software Defined Architectures

There’s always room for enhancements and innovations in the industrial world. Before

the birth of automation, systems and machines had to be operated manually. Automation

has provided many advantages from reduced time-to-market to fewer failure products.

Despite all this, development is required as market demands keep increasing. Today’s

issues could be overcome by the use of Industry 4.0 technologies. Flexibility is the key

for tomorrow’s industrial automation: more and more plant data should be available,

codes should be easily movable and reusable, systems should be modular and scalable

and industrial companies should have a possibility to select their preferable vendors [9].

Machines are turning into autonomous machines that will ease humans’ tasks. Cyber-

physical systems enable the communication and interaction between virtual and physical

machines and systems [10].

So, the transition from Industry 3.0 to Industry 4.0 requires naturally some time, it doesn’t

happen overnight. Different technologies are developed, tested and implemented and at

the same time something fancier is already brought to the market. In any case, the indus-

trial architectures are going through a change towards software-based approach and we

can therefore talk about Software Defined Architectures (SDA) due to developed IT tech-

nologies. Software Oriented Architectures (SOAs) came already into use in the beginning

of the 21st century, but Software Defined SOA (=SDA) is a new style of architecture

(figure 4). SOAs gave better architecture flexibility compared to the previous architecture

models by providing services that run a small function [11]. SDA brings even more flex-

ibility and scalability to the architectures by moving systems to the cloud. SDA means

basically that server hardware and software are decoupled and the data processing is ex-

ecuted in a software.

11

Figure 4. Software Defined Applications on the Application Architecture Road Map [14]

3.1 SDA requirements

SDAs have to meet the requirements of growing needs of the industrial world. One of the

most important factors is reliability: if you can’t rely on your system, you are risking your

business. To acquire high level of reliability, the industry needs time to test and run new

technologies. Real-time capabilities and deterministic behavior are on the table when talk-

ing about Industrial Control Systems (ICSs). SDAs also need to have a high availability,

meaning that the system should be continuously available and can recover quickly from

a system failure [13]. Cybersecurity (=IT security) is a big concern in general in Industry

4.0 and that is in fact a huge topic of its own, that’s why it is out of scope of this thesis.

Anyways cybersecurity is something that must be taken care of in a serious manner to

ensure that no outsiders can access your sensitive data. SDAs should be easily scalable

and modular to manage lifecycle operations of the components: hardware updates & re-

placement, software updates and network changes should be able to be done without any

loss of service [9]. SDAs should also target to a more simplified architecture, enable iso-

lation between components/processes when needed, enable communication between

these components and processes and make software codes reusable to e.g. reduce time-

to-market [13].

12

3.2 SDA benefits

Today’s industry demands an architecture that is flexible for modifications. SDA enables

easy scalability and system modularity by allowing you to replace or add components

without affecting the rest of the system. SDAs are designed with open platforms that al-

low users to select preferred components and solutions which means that the users have

the flexibility to choose between different vendors (=no vendor lock-in). In Industry 3.0

systems, it is not so easy – or maybe not possible at all – to use multiple vendors’ com-

ponents in the same architecture. There’s typically no hardware dependence in SDA, so

it’s easy to migrate and reuse software [9]. SDAs use virtualization (chapter 5.1) and more

software instead of hardware, which leads to cost reduction and smaller footprint because

there’s a smaller amount of required hardware. The aim is to provide COTS (COTS =

commercial off-the-shelf) software / hardware products that are ready-made and available

for sale [12].

Software Defined Architecture means Software-centric model, which gives an advantage

in management, network processing and security when the system is centralized. Remote

monitoring reduces OPEX while the maintenance engineer or the operator doesn’t always

need to be on site to check the status of machines. Centralized management eases the

remote monitoring, because then it’s enough to access only one software platform to man-

age your assets. By cloud computing and by use of smart sensors (sensors that include

communication capability and on-board diagnostics [15]) machine data is pushed to the

cloud and the data is then accessible on the user interface (HMI). The machine data can

be used for predictive maintenance (figure 5), which means that the machine data can be

used to estimate the time to a forthcoming failure of the machine. SDAs also support

DevOps (Software development & information technology operations), which is con-

verging IT and OT. DevOps (figure 6) is a set of practices that improve collaboration

between software developers and IT team and enables you to build, test and deploy soft-

ware faster [17] [18] [19] [20]. Organizations can significantly reduce their software’s

time-to-market by use of DevOps practices, since it aims to continuous delivery and con-

tinuous deployment. This enables more frequent software releases.

13

Figure 5. Predictive maintenance [16]

Figure 6. DevOps [20]

3.3 SDA technologies

So, Industry 4.0 is bringing Software Defined Architectures to organizations. These SDAs

should meet at least the same reliability, safety and security requirements than the tradi-

tional architectures, but also enhance one’s business by e.g. reducing time-to-market,

hardware and maintenance costs and increase systems’ flexibility, scalability and modu-

larity. How does an organization implement SDAs? There are several different ap-

proaches available (introduced in the next chapter): hypervisor-based virtualization, con-

tainer-based virtualization, Software Defined Networking (SDN), Network Functions

Virtualization (NFV) and so on. This thesis is focusing on PLC virtualization, so we’ll

also have a look on an approach called App Logic Controller (ALC) (chapter 8).

14

4 SDA approaches

4.1 Virtualization

To jump on PLC virtualization, we need to understand what the term virtualization means.

Virtualization is already widely used technology in IT, but it’s gradually making its way

to Industrial Automation. Hypervisor-based virtualization refers to a concept in which

underlying, single hardware resources are shared by multiple guest operating systems

[21]. This enables better server utilization, since CPU’s are otherwise generally underuti-

lized. Basically it means that you don’t always need to purchase new hardware for every

function, but you can make better use of already existing hardware by virtualizing oper-

ating systems and/or applications. By using virtualization one can benefit at least in en-

ergy savings (less required hardware) and system flexibility.

There are different types of virtualization methods, like e.g. storage virtualization, net-

work virtualization, software virtualization and desktop virtualization. In this chapter fol-

lowing techniques of x86 computer virtualization are introduced:

-Full virtualization

-Paravirtualization

-Hardware assisted virtualization

In addition, following virtualization methods are explained:

-Operating System-level virtualization

-Embedded virtualization

Full virtualization means virtualization in which guest OS is completely abstracted from

the hardware, therefore there’s no need to modify the guest OS [22] [23]. This abstraction

is executed by a virtualization layer called hypervisor (also called Virtual Machine Mon-

itor (VMM). The guest OS is not aware that it is being virtualized. Compared to other

virtualization methods, full virtualization provides best isolation of guest operating sys-

tems. The downside of full virtualization though is the performance overhead caused by

decoupling the hardware and the guest OS. VMware provides full virtualization technique

using Binary Translation and Direct Execution (figure 7). There are four privilege levels:

Ring 0, 1, 2 and 3. User applications run usually in Ring 3, whereas the ones that need to

15

have a direct access to the hardware resources run in more privileged Rings (depending

on the application).

Figure 7. VMware’s full virtualization method using Binary Translation and Direct Execution [22]

Paravirtualization improves the overall performance having lower overhead than full vir-

tualization. Software products on the guest OS are able to call the hardware resources

directly instead of guest OS making the calls on software’s behalf, thus improving the

overall efficiency [24]. The drawback is though that the OS kernel needs to be modified,

which leads to a poor portability [22]. The reason for necessary OS kernel modification

is that the guest OS has to be aware of the fact that it’s being virtualized. The virtualization

layer between modified guest OS and system hardware is a software interface that re-

ceives hypercalls from the guest OS (figure 8). Xen Project (=a hypervisor) [25] is an

example of paravirtualization.

Figure 8. Paravirtualization [22]

16

Hardware assisted virtualization (figure 9) method provides virtualization performance

increase by having a processor extension, currently either Intel’s Virtualization Technol-

ogy VT-x or AMD’s AMD-V. Both extensions provide CPU execution mode feature that

allows the hypervisor run in Ring -1. Hardware support is possible also for memory vir-

tualization (Intel EPT / AMD NPT) and device and I/O virtualization (Intel VT-d / AMD

IOMMU {I/O Memory Management Unit}). In other words, memory & I/O virtualization

is performed by the chipset. There’s no need to modify the guest OS as in paravirtualiza-

tion. When it comes to PLC virtualization, hardware assisted virtualization is the virtual-

ization method with best performance and could be therefore considered as a virtualiza-

tion technique for PLCs.

Figure 9. Hardware Assisted Virtualization [22]

Operating system-level virtualization refers to a virtualization method in which isolated

instances (called containers) share the same host kernel and they run on a shared OS [23]

[27] [28]. OS-level virtualization is also called containerization or container-based virtu-

alization. Containerization also makes better use of hardware resources as ”traditional

virtualization”-methods do and it is even more lightweight solution. This means that it is

possible to create several isolated instances with a single piece of hardware, more than it

is possible to create Virtual Machines (VMs) in hypervisor-based virtualization.

The benefit of using containers over VMs is that you don’t need to run an entire OS to

run an application. Containers include an application, libraries, binaries, dependencies

and configuration files and they are abstractions of the host OS rather than the underlying

hardware like in hypervisor-based virtualization [29]. As an example, Docker (figure 10)

is a container technology that consists of Docker Engine and Docker Hub [30]. Docker

engine is installed on the host OS and it creates and runs containers, whereas Docker Hub

17

is for storing and managing Docker images. The negative aspect of containerization is

that all the containers need to run on a same host OS, whereas VMs can use different

guest OSs (one VM with Linux OS, another one with Windows etc.).

Figure 10. Hypervisor-based virtualization versus containerization architecture [27]

Embedded Virtualization refers to a virtualization implemented in embedded systems

[31]. Performance, security, isolation and communication requirements for embedded

systems are typically much higher than for enterprise systems [32] [42]. Thus, an ’em-

bedded hypervisor’ with real-time computing capabilities is required. The embedded sys-

tem virtualization is implemented by partitioning a General Purpose Operating System

(GPOS) and a Real Time Operating System (RTOS). The non-real-time component might

have processing real-time information, whereas the real-time component performs tasks

with critical deadlines [33]. It is really important that these two components communicate

with each other. For example PikeOS, OKL4, NOVA and Codezero have an embedded

virtualization solution. PikeOS embedded virtualization solution (figure 11) is used in the

avionics industry.

18

Figure 11. Embedded virtualization solution by PikeOS [32]

4.2 Hypervisor-based virtualization

Hypervisor (also called a Virtual Machine Monitor (VMM)) creates and runs Virtual Ma-

chines (VMs) that are emulations from physical computers running operating systems and

applications [47] [48]. Hypervisor-based virtualization refers to the hardware virtualiza-

tion method, in which hypervisor allocates the resources of the single underlying hard-

ware for guest operating systems (=VMs). Traditional infrastructure before virtualization

consisted of several servers that were underutilized [49]. Virtualization enables server

consolidation and a better use of hardware resources. Physical hardware is expensive and

it occupies a lot of space, so virtualization provides significant cost savings and smaller

footprint [50].

There are two different types of hypervisors: type 1 and type 2 hypervisor [51]. Type 1

hypervisors are often called bare metal-hypervisors or native-hypervisors. Type 1 hyper-

visors run on top of system hardware, whereas type 2 hypervisors run on top of a host

operating system (figure 12). Type 1 hypervisors have a better performance than type 2

hypervisors, because they have a full control over the underlying hardware resources.

However, type 1 hypervisors might require particular hardware features.

19

Figure 12. Type 1 and type 2 hypervisor [52]

VMs are isolated instances, which means that each VM is isolated from other VMs. This

provides redundancy: if one VM fails, it doesn’t affect the other VMs. VMs can also be

saved e.g. by using snapshots (VMware). Snapshot saves the current state of a VM and

in case the system fails, it can be easily redeployed by using the snapshot image [53].

What is also good about VMs, is that they can be migrated to a new hardware as long as

the used hypervisor is compatible with the hardware [54]. VM migration from one host

to another is helpful for example when you want to be sure that a VM won’t suffer from

changes or upgrades you want to do to your host operating system. Each VM has its own

operating system that allows users to use several different operating systems on a single

hardware if required. User can for example run one VM with a Windows OS and another

one with a Linux OS. The big advantage of consolidating servers by using virtualization

is centralization. It is significantly easier to manage all your assets from one or two servers

compared to couple dozens of them. It is also much easier to expand your system by

adding a VM rather than purchasing an expensive new server.

The major downside of hypervisor-based virtualization and virtualization in general is the

upfront cost. This means that businesses need to invest a lot of money upfront to deploy

virtualization, especially if a business is running a huge number of servers. In spite of

that, virtualization provides cost savings in a long run. Businesses also need to consider

the security risks they are taking when deploying virtualization. Usually for a host oper-

ating system there’s already a software detecting and removing viruses, but that’s not

enough to secure your data within VMs as well. While centralization is a big advantage

of virtualization considering asset management, it is also a risk to cause substantial down-

20

time. A server running a single application is causing downtime just for this one applica-

tion, whereas a server running multiple applications causes downtime for all the assets

managed by this server.

4.3 Container-based virtualization

Containers are sandboxed instances in a single operating system [55] [28]. Container-

based virtualization, also called containerization, refers to the operating system-level vir-

tualization method in which the containers use the resources of a single kernel. While

hypervisors emulate an entire computer including hardware abstraction, container-based

virtualization occurs at the operating system level and that’s why it’s also called operating

system-level virtualization [56]. Hypervisors manages hardware access for VMs, whereas

containers use the same kernel of the host operating system [57]. VMs always run an

operating system while containers don’t, but they need an operating system to run top of

it (figure 13). Containers are created from images (binary representation) and they typi-

cally include dependencies, libraries, binaries, configurations files and application.

Figure 13. Type 2 hypervisor-architecture vs. Container-based architecture [57]

Since containers don’t need to run a whole operating system containing device drivers,

kernel etc., the overhead is smaller and they are therefore more lightweight than VMs.

21

Basically it means that there’s only one operating system taking care of hardware access

and this leads to greater overall performance. Provisioning of these lightweight instances

is really quick as they can be started even in just a few milliseconds, while VMs need

much more time to boot [58]. Container images are much smaller (megabytes) than VM

images (gigabytes). Hence it is possible to run more containers than VMs on a single

hardware. Containerized systems are easily scalable and portable and redundancy can be

built to provide high availability. When containers are copied to a new location among

the same operating system, the image can be reused as it is [59]. Containers are isolated

from each other by using namespaces and cgroups that are certain kernel features [60]. In

addition, containerization provides isolation between different processes that are running

inside a single container.

Containerization supports DevOps, continuous delivery and deployment and micro-

services. Microservices is an architecture approach in which an application is decom-

posed into smaller services [63]. It is a development from monolithic applications (figure

14) [64]. Microservices is a way to a more modular architecture and containerization is

one way to implement microservices by separating and isolating processes. Having a

common containerized environment enables smooth cooperation between different

teams, when building, testing and deploying your application occurs inside containers

[18]. It is possible to run different applications written in different programming lan-

guages within containers, so containerization improves architecture agility. This gives

developers also the flexibility to choose among their preferred technologies. In case an

application is divided into several microservices, a part of this application may be updated

without having any impact on other parts of the application and thus enabling continuous

delivery. Additionally easy sharing and reusing of containers is also a big benefit. Overall

the required time from building to deploying your application can be decreased by using

containers.

22

Figure 14. Monolithic application vs. Microservices architecture [64]

Containerization seems to have many advantages over hypervisor-based virtualization, so

why would one still use virtual machines instead of containers? The downside about shar-

ing the same kernel between containers is that there’s no flexibility to use different oper-

ating systems or different kernel than the host kernel. If a system requires two or more

different operating systems, a hypervisor is needed to run a guest operating system, which

is different than the host operating system. The other option is to buy a new server, which

is expensive of course. The second major disadvantage of sharing the same kernel among

containers is poor security. In case someone violates the host kernel, it will have an impact

on all the containers, so the so called “sandboxed” containers are not so well isolated after

all.

4.4 SDN

SDN stands for Software Defined Networking (figure 15) that is an approach to make

computer networking more flexible [65]. In SDN the network data plane is decoupled

from the network control plane and the network control is programmable and centralized

[66]. SDN was created in response to large data center demands. Big benefit about SDN

is that it is based on open standards and there’s no vendor lock-in, so it supports the SDA

approach and Industry 4.0 vision. Compared to traditional networking where the network

23

switch doesn’t have programmability, SDN enables users to program and control the net-

work via software. As an example, when having a skype call using traditional networking

and the used path is down, the skype call gets cut [67]. SDN enables to use alternative

paths in case one path is down, so that the call doesn’t get cut. SDN is managed by SDN

controller that takes care of the actions of the network switch.

Figure 15. SDN [65]

24

5 PLC virtualization

5.1 From classic automation pyramid to a more flexible model

The classic automation pyramid (figure 16) represents a model of today’s ICSs [34]. All

the physical devices from sensors to actuators are in the field level from where the data

flows to the second level that controls the physical hardware by using e.g. PLC. The next

level is a supervisory level that allows users to monitor and control their processes by

SCADA systems [35] [36]. SCADA is abbreviation of Supervisory Control and Data Ac-

quisition and typical SCADA architecture includes the first three levels of the classic

automation pyramid. MES and ERP systems are then above the SCADA architecture.

MES stands for Manufacturing Execution System and it refers to systems which monitor

and control manufacturing data in real-time [37]. MES systems enable tracking of goods

for the complete production process. Enterprise Resource Planning (ERP) systems ac-

commodate the highest level of the automation pyramid. ERP systems manage real-time

monitoring and controlling of core business processes, such as production or product

planning, materials management and finance [38].

Figure 16. The classic automation pyramid [34]

25

ICS architectures are going through a change since the arrival of Industry 4.0 and cyber-

physical systems. As an example, a MES supplier SYMESTIC [39] realizes a model sce-

nario (figure 17) in which the old automation pyramid model is replaced by a machine-

to-machine and machine-to-human communication [40]. This vision supports the in-

creased needs of flexibility and scalability of future ICSs. The field devices, machines

and factories have already become “smarter” so that we can talk about Smart Devices,

Smart Machines and Smart Factories. However, the “brains” of ICSs, PLCs, are yet to

follow the vision. PLC virtualization is one approach, in which virtual PLCs (vPLCs)

would replace legacy hardware PLCs.

Figure 17. Transition from the automation pyramid to a new Industry 4.0-based model (SYMESTIC) [39]

5.2 PLC virtualization advantages and question marks

Distributed Control System (DCS) requires lots of hardware from wires and cables to

several I/Os and control devices. If the all the hardware control devices were replaced by

virtual PLCs, it would basically mean software replacing hardware. This supports the

SDA approach. Operational costs, such as power and cooling costs, can be reduced by

reducing the amount of necessary hardware. This leads also to a smaller footprint, since

virtual PLCs don’t occupy space inside control cabinets. Usually embedded systems re-

quire multiple processors, but by the use of virtualization servers can be consolidated.

PLC virtualization is a promising approach in response to the increasing needs of flexi-

bility of ICSs.

Virtualized systems can be easily modified by adding or replacing components without

any impact on the rest of the system. The aim in SDAs is to have no vendor lock-in,

26

meaning that third party components could be easily used. That’s not the case with hard-

ware PLCs, because normally you are tied to the PLC-vendor. In addition to modularity,

virtualized systems are also easily scalable. It is more affordable, faster and simpler to

add virtual PLCs to a DCS than physical hardware PLCs. It is also possible to move a

virtual PLC to a completely different machine [41]. Redundancy can be guaranteed by

running multiple virtual PLCs: in case one fails, other one will take over the control. This

way uptime can be increased and downtime minimized. Redundancy can be achieved by

cloning a virtual PLC. There’s then no need to test the cloned virtual PLC, because un-

changed objects will surely function the same way. Virtualization secures safe environ-

ment for tests and deployment: in case of a system failure, it is easier and faster to recover

from that failure when running your system in a virtualized environment.

One approach to compare virtual PLCs with hardware PLCs is to compare PC- and PLC-

based control [43] [44]. PLCs are developed for automation world providing high perfor-

mance and robustness, whereas PCs might not meet the same requirements, at least not

yet. There are also industrial PCs on the market that are robust and powerful enough for

automation, but there’s still factors that makes manufacturers choose a hardware PLC

over an industrial PC. PC-based control is pushed by Beckhoff Automation already since

the 1980s [45]. PLC has an embedded real-time operating system (RTOS) that guarantees

managing tasks with critical deadlines, but PC should be able to achieve the same relia-

bility by using a real-time kernel or RTOS. PC’s built-in user interface is an advantage of

PC-based control whilst PLC would need some additional components, such as operator

panel(s), switches or even an industrial PC for the user interface. PCs number of interfaces

also beat the amount of interfaces in PLC that would need additional modules to provide

the same variety of interfaces. It is also easy to add extra memory and more computing

power to PCs, whereas PLCs always have their constraints. Multi-core technology [46]

enables multitasking, so by using a PC or an industrial PC with a multi-core processor

reduces essentially the amount of necessary hardware, because PLC-based control would

need more hardware to perform several tasks. Splitting multiple tasks on multiple cores

improves the overall performance by balancing loads and providing more CPU time.

When it comes to safety-critical applications though, PLC is still much more reliable

thanks to its long-term service in ICSs. PC-based control has still a long way to go to

achieve the same reliability in terms of safety and determinism.

27

In a PC-based control, developers have more to choose from when it comes to program-

ming. PLC programming is typically based on the standard IEC 61131-3, while widely

used programming languages like C or C++ can be used in PC-based control. Code exe-

cution differs between the two different control options. PLC’s program execution is ei-

ther scan- or event-driven or a mixture of these, whereas PC runs a code as event-driven.

The scan-driven program execution is priority-based, so tasks with high priority are run

first. The drawback is that this might take longer sometimes than the event-driven execu-

tion.

What about when it comes to money? Upfront cost is higher in PC-based systems, but in

a long run it might pay off because of better system flexibility and scalability. It always

depends on the application, whether a PC-based solution or a PLC-based solution would

be a better choice.

The major question marks of PLC virtualization are cybersecurity, determinism and mi-

gration to legacy systems. Security is a big concern, especially now, when the Industry

4.0, IoT, SDAs etc. are taking over. PLC’s dedicated OS is less susceptible for virus at-

tacks than PCs, though for PLCs there is no software to detect and remove viruses. It is

still uncertain, whether a PC-based control can meet hard real-time requirements even

though there are RTOSs and real-time kernels available. There are simply no implemen-

tations yet where a virtual PLC is able to control the system meeting hard real-time re-

quirements. Appropriate communication protocols are important along proper Internet

connections. Businesses already lose significant amount of money nowadays because of

dropped Internet connections, so if the future’s businesses are even more dependent on

Internet, how big losses are we then talking about? It is still to be seen whether virtual

PLCs can be easily migrated to legacy systems. When manufacturers intend to deploy

new technologies, they want to be sure that the new elements and the old elements are

compatible. A virtual PLC has its constraints anyways: it can’t for example support all

the possible communication protocols, which means it won’t be just ‘plug-in and play’.

28

6 Case Study

6.1 Software and components

6.1.1 Node-RED

Node-RED is a flow-based programming tool and developed by JS Foundation [71]. It

has been especially developed for IoT and it is based on Node.js. Node-RED enables

wiring together hardware devices, online services (like Twitter) and application program-

ming interfaces. The programming interface is accessible via browser (figure 18). Node-

RED flows are created using nodes that can either be input-, output- or function-nodes,

for example. As an example, flow can consist of an inject-node (input-node) and a debug-

node (output-node). Inject-node produces a message either manually or repeatedly at reg-

ular intervals, depending how the user wants to set the properties of the node. Debug-

node provides messages which are then displayed in the debug sidebar tab.

Figure 18. Example flow in Node-RED

6.1.2 OpenPLC

OpenPLC is an open source PLC project created by Thiago Rodrigues Alves [72]. It is a

standard industrial controller that can be programmed with all the standard PLC lan-

guages (IEC-61131-3) from Structured Text (ST), Ladder Diagram (LD), Function Block

29

Diagram (FBD) and Instruction List (IL) to Sequential Function Chart (SFC). The Open-

PLC software is portable and it supports multiple platforms, such as Windows, Linux,

Raspberry Pi and Arduino. The OpenPLC uses Modbus/TCP for communication. The

project also includes a programming software called PLCopen Editor. PLC programs can

be created with any of the standard programming languages, but when the user wants to

download the program to the OpenPLC, the program needs to be generated to a ST-pro-

gram, because OpenPLC is only capable to run ST programs. ST programs can be down-

loaded to the OpenPLC via webserver (figure 19), where the OpenPLC can be also set to

run or stop and PLC logs can be viewed.

Figure 19. OpenPLC webserver

6.1.3 Docker

Nowadays almost all the containers are Linux containers that are known as LXC. Docker

is probably the most well-known container platform based on LXC [61]. Docker Com-

munity Edition is a free platform, but Docker also provides Enterprise Edition-solutions

with software, support and certification. Docker consists of two components: Docker En-

gine and Docker Hub. Docker Engine is for building and containerizing applications,

while Docker Hub is managing and sharing these applications as a SaaS service [62].

30

Docker containers can be created by using images that are each based on a Dockerfile.

Dockerfile is a script of commands that allows one to build images. Multiple containers

can be created using the same image. As an example, if you have a Dockerfile inside a

“test”-folder in your Desktop, you can create an image of it by running a single command

(figure 20):

Figure 20. Building an image called “testimage” from a Dockerfile inside ”test”-folder

After creating an image called “testimage”, docker images can be listed by running the

following command (figure 21):

Figure 21. List of Docker images

A container called “testcontainer” can then be created from the “testimage”-image by

running a command “docker run” (figure 22):

Figure 22. Docker container creation

Running containers can be seen by running the following command (figure 23):

Figure 23. List of running Docker containers

6.1.4 KVM and QEMU

KVM is a hardware assisted virtualization solution for Linux hardware [75]. KVM is

often called a Linux kernel module. Hardware must have a virtualization extension, either

AMD-V or Intel VT depending on the processor. KVM stands for Kernel-based Virtual

Machine and it is an open source software. KVM’s task is to accelerate hardware and

enhance virtual machine’s performance [76]. KVM can’t create and run virtual machines

31

just by itself, but it needs QEMU (=Quick Emulator) that in fact emulates the hardware.

However, QEMU needs KVM to minimize the overhead and thus boost performance of

a system. QEMU itself is a type 2 hypervisor, but in combination with KVM it becomes

a type 1 hypervisor.

6.1.5 I/Os, SoMachine

I/Os were needed to implement the control loop setup. Schneider Electric provided I/Os

for this case study: TM251MESE logic controller and TM3DM8R I/O module were used

(figure 24). As this thesis has its focus on PLC virtualization, the logic controller was not

used as a PLC, but the logic controller was necessary to establish a Modbus TCP/IP con-

nection between the I/Os and Node-RED. It’s not possible to establish a connection be-

tween SoMachine software (see next paragraph) and the I/O card alone. The logic con-

troller was connected to the software to set the device address. This device address could

then be used in Node-RED to read the inputs and write the outputs. The TM3DM8R con-

sists of four digital inputs and four relay outputs.

Figure 24. TM251MESE logic controller and TM3DM8R I/O-module

32

SoMachine [69] is a programming software by Schneider Electric. The software is based

on Codesys [70]. Software can be used to program the entire machine including a PAC

or PLC, HMI, motor control and related network automation functions. In this case study

SoMachine was used to set a device address for the logic controller (figure 25). In addition

the used devices (PLC+I/O-module) had to be added to the software configuration.

Figure 25. SoMachine

6.1.6 Modbus TCP/IP

Modbus TCP/IP is a Modbus communication protocol developed by Modicon (now

Schneider Electric) [73]. Modbus TCP/IP runs on Ethernet over a TCP interface [74]. In

other words, Modbus TCP/IP uses TCP/IP and physical network (=Ethernet) to carry

messages. TCP stands for Transmission Control Protocol and IP refers to Internet Proto-

col. TCP makes sure that all data packets are received correctly and IP ensures correct

addressing and routing. The protocol uses the Client-Server model. A client might be also

called as a master that sends data requests to servers. This means that a client always

establishes the communication as servers just wait for data requests. Server’s task is

simply to respond to data requests.

Modbus data model consists of four different data types:

-Discrete inputs

-Coils

-Input registers

-Holding registers

Discrete inputs are only readable, whilst coils are readable and writable. Discrete inputs

and coils (also called as discrete outputs) are 1-bit registers, whereas input and holding

33

registers are 16-bit registers. Input registers may only be read, holding register may be

both read and written.

6.1.7 Industrial PC

Node-RED and OpenPLC were running on an industrial PC (iPC) that had Ubuntu 16.04

LTS as an operating system. Industrial PC was chosen to this implementation as a PC

hardware to test the suitability of an iPC in such a solution. The solution was performed

on a Magelis iPC (HMIBMPSI74D4801) manufactured by Schneider Electric. This

Magelis iPC has an Intel QM87 chipset with hardware assisted virtualization support (In-

tel VT-x) and Intel Core i7-4650U processor with four 1.7 GHz CPU cores. It has 8 GB

RAM memory and 80 GB SSD disk.

6.2 Setup

For the case study, cooperation with Cedric Vandendriessche was done [68].

Vandendriessche earns a big praise for his support. Without his support this thesis would

have most likely had a different approach. The aim was to continue his work by making

similar tests but also compare the results with a hypervisor-based approach. Therefore,

the main idea of this case study was to compare container- and hypervisor-based ap-

proaches and analyze whether these approaches would already be suitable for some in-

dustrial applications.

This case study focuses on a test setup that represents a control loop (figure 26). In ICSs,

a control loop consists of “input-logic-output”-chain. In other words, a control loop needs

firstly an input, such as a sensor or a switch. Input is read by a processing device (e.g.

PLC) that executes the logic. After the logic execution, the processing device needs to

write the output that can be for instance a contactor or a variable speed drive. In this case

study, Schneider Electric’s TM3 I/O was used as input and output and OpenPLC was

used as a processing device (vPLC). Node-RED was used to upload a program on Open-

PLC and enable communication between OpenPLC and the I/O. I/O and iPC were phys-

ically connected to a network switch, so that Modbus messages could be sent over Ether-

net.

34

Figure 26. Control loop setup

Control loop test was implemented with three different approaches: container-based vir-

tualization, hypervisor-based virtualization and without virtualization. Container-based

virtualization was implemented by using Docker and hypervisor-based virtualization was

implemented with KVM. To capture the Modbus TCP/IP traffic, tcpdump [77] was used.

Wireshark [78] was then used to analyze data packets and measure latencies. Control loop

flow was created in Node-RED (figure 27).

Figure 27. Control loop flow in Node-RED

To read and write Modbus messages, Modbus contribution package for Node-RED was

installed [85]. In addition there’s a contribution package for OpenPLC nodes [86]. The

great thing about the OpenPLC node is that there’s no need to access the web server to

upload a program to the OpenPLC, but the program can be written in the node configu-

ration (figure 28). The program execution port needs to be specified in the node configu-

ration (port 8080 in the figure below).

35

Figure 28. OpenPLC-node configuration

To enable communication between the nodes, host addresses needed to be specified. The

device address of TM251MESE logic controller was given to TM3_modbus-client-server,

which was used for TM3_input and TM3_output nodes (figure 29). In container-based

virtualization, OpenPLC and Node-RED containers communicated over a common net-

work that was created in Docker (see next chapter). A localhost address was used for

OpenPLC-server in hypervisor-based virtualization.

36

Figure 29. Configuration of the TM3_modbus-client-server

6.2.1 Docker = Container-based virtualization

Firstly, Docker was installed on Ubuntu OS. Afterwards images of Node-RED and Open-

PLC were created based on their Dockerfiles. To enable communication between Node-

RED and OpenPLC, a new network had to be created using Docker. A new network can

be simply created by running a simple command (figure 30):

Figure 30. Creating a new docker network called fog-layer

After creation of the new network, Node-RED and OpenPLC instances can be connected

to this network either when creating the container instances by using ‘docker run’-com-

mand with a net-flag or after creating the instances by using ‘docker network’-command

[79].

Container instances of Node-RED and OpenPLC were finally created by using ‘docker

run’-command. When starting Node-RED inside a container, port 1880 at the localhost

was exposed to access Node-RED via browser.

37

6.2.2 KVM = hypervisor-based virtualization

Before the implementation of this case study, Jailhouse [80] and Xen [81] were consid-

ered as hypervisor-based virtualization solutions, but in the end there was not enough

time to do research on these solutions. Thus KVM was chosen, as the KVM virtualization

solution was really easy to implement and the performance should be good enough for

the case study.

Firstly, a new VM was created with Ubuntu 16.04 LTS OS. 5000MB memory, 20 GB

RAM and 4 CPU cores were allocated. After successful installation of the OS, the control

loop environment had to be set up. Node-RED and OpenPLC were installed on Ubuntu

[82] [83]. Then nodes were configured to enable communication between I/O, Node-RED

and OpenPLC. To install OpenPLC nodes, a different version of Node.js had to be in-

stalled. With the use of nvm, a node.js version 6.9.2 was installed successfully [84] and

then OpenPLC nodes could be used in Node-RED.

6.2.3 No virtualization

The same tests were also implemented without virtualization to have a reference point

and evaluate the overhead of the different virtualization solutions. Control loop environ-

ment was basically set up the same way as it was done for the hypervisor-based solution.

The only difference was that the setup was not done in a VM but in the host OS. Same

host OS (Ubuntu 16.04 LTS) was used as in the other approaches.

38

7 Results

To measure the control loop performance, Modbus traffic was captured and analyzed.

Control loop starts from reading the inputs and ends up to writing the output. Response

time was measured by analyzing the Modbus traffic on Wireshark (figure 31). Modbus

traffic from and to the I/O was captured.

Figure 31. Modbus traffic on Wireshark

Sometimes Modbus messages arrived late and that caused latency issues. After reading

the inputs, output should be updated, but sometimes messages were delayed and output

was updated late (figure 32). The amount of delayed messages varied depending on the

approach and the polling rate.

Figure 32. Latency issue

Tests were done using 10ms, 50ms and 500ms polling rates. 12 measurements were al-

ways done for one deployment and then the same configuration was deployed again. This

was repeated 20 times, so 240 iterations were performed in each case for each approach

(see attachments 1,2 and 3). Minimum, maximum, median, average and 90th percentile

latencies are shown in graphs (figures 33, 34 and 35).

39

With a 10ms polling rate the system was not able to poll every 10ms, but every 15-18ms.

This applied to all the different approaches. Messages arrived late occasionally, but the

response time was 13-15ms on average. Maximum values are a concern, because such

peak latencies result to a fact that this solution can’t be used in applications in which less

than a 35-40ms response time is required, depending on the approach. As expected, con-

tainerization seems to have a smaller overhead than the hypervisor-based solution. Mini-

mum values were more or less the same, but median, average and maximum values indi-

cate that the hypervisor-based solution is less performant. As the maximum latency value

without virtualization is higher than the equivalent with Docker, we can expect that such

latencies can also occur with Docker but more iterations would have been needed to re-

alize that. In this 10ms polling rate test, the hypervisor-based solution was a little bit

unstable and during the tests it felt like the system is going to crash. Most likely the iPC

was just not powerful enough to process everything and in addition there’s the overhead

of hypervisor. The nodes were configured the same way in all the different approaches,

so the node configurations can’t be blamed.

Figure 33. Response time of a control loop with a 10ms polling rate

With a 50ms polling rate the system was actually able to poll every 50ms. Peak latency

values were above 50ms in every approach, which is more than expected. Before the re-

sponse time tests it was tested, how redeploying the configuration has an impact if it has

any. By redeploying the same configuration over and over again, inconsistent latencies

were seen when comparing the latencies after each redeployment. That’s the reason why

the configuration was always redeployed 20 times and the measurements were not taken

in just one shot. For instance, if the first deployment showed latencies between 5 and

30ms, the next deployment might have shown latencies between 30 and 50ms. The cause

8,9

24,5

11,9 13,09

20,1

9,6

40,7

13,1 15,11

22,7

8,7

33,5

11,6 13,03

19,7

0

10

20

30

40

50

min max med avg 90th pctl

Late

ncy

(m

s)

10ms polling rate

Docker KVM No virtualization

40

of this remained unsolved. Otherwise the results show the same than the results with the

10ms polling rate: Docker has a smaller overhead than KVM and a very little overhead

in general.

Figure 34. Response time of a control loop with a 50ms polling rate

The same issue occurred with a 500ms polling rate: latencies above the polling rate were

measured both in hypervisor-based virtualization and in container-based virtualization.

The minimum and median values were low, but occasional high latencies of 450-500ms

are a huge concern. 500ms polling rate is naturally not suitable for general PLC applica-

tions, but the idea here was to test whether a higher polling rate would stabilize the system

and latencies above the polling rate would not be seen anymore. Also tests with an even

higher polling rate (1s, 2s, 4s) were performed, but the same issue seemed to remain.

Figure 35. Response time of a control loop with a 500ms polling rate

4,8

55

11

25,01

48

5,6

60

35 33,08

48

4,8

57

22 24,57

51

0

20

40

60

80

min max med avg 90th pctl

Late

ncy

(m

s)50ms polling rate

Docker KVM No virtualization

4,3

505

7

84,63

472

5,4

536

8,6

98,42

498

4,738

6,9 7,1 8,3

0

100

200

300

400

500

600

min max med avg 90th pctl

Late

ncy

(m

s)

500ms polling rate

Docker KVM No virtualization

41

8 Conclusion

The ongoing industrial revolution is pushing the automation world to use new IT technol-

ogies, such as virtualization. However, there are still several issues that force us to de-

velop these technologies and come up with new ones to overcome the issues and that way

respond to the market demands. One of the big concerns is network uptime. Even with

nowadays’ systems the businesses encounter situations in which network downtime

causes major problems in terms of money. The question is, how much downtime are we

then going to face when the systems increase the use of IT technologies and network?

When talking about ICSs, hardware PLCs are yet so much more reliable than any of the

so far proposed virtual solutions that it’s going to take some time before the ICSs are

going to say goodbye to legacy hardware PLCs, if ever.

Container-based virtualization, hypervisor-based virtualization and SDN were introduced

in this thesis. According to the marketing research and the case study, container-based

solution seems to be a more promising approach than hypervisor-based solution when

talking about PLC virtualization. Still we have to keep in mind that there are also down-

sides like security on container-based virtualization. In addition, the hypervisor used in

this case study is not the best available one, but some more performant real-time hyper-

visors could provide better results. The future will show us, how we could also benefit

from SDN-enabled communications fabric [96]. Anyhow, the solution introduced in this

thesis would not be suitable to any hard real-time, high speed motion- or safety-related

applications. Further investigation on the topic would be needed to estimate the actual

potential on hard real-time applications. First of all, a more performant hardware PC

would be needed to perform such tests. Secondly, a faster industrial protocol than Modbus

TCP/IP would be required. Perhaps another kind of approach would be needed to over-

come the issues what were experienced in this case study. It would be interesting to test

a direct communication between virtual PLC and I/O and use Node-RED nodes for ex-

ample to trigger inputs.

As the IT technologies keep developing, we can later on surely take PLC virtualization

more seriously. Anyways, it always depends on the application what kind of solution

would be suitable. For instance, it doesn’t make sense to virtualize systems if we are

talking about a really small industrial company with a machine or two to control. In any

42

case, it’ll be exciting to see how SDAs will take over the control of ICSs and whether

some hard real-time or safety-related applications will be controlled by virtual PLCs in

the future.

8.1 ALC

In this chapter a concept called App Logic Controller (ALC) is introduced. ALC is a fairly

new concept and at the moment it is just in a Proof of Concept-level, like PLC virtualiza-

tion in general. Today’s automation systems require lots of different field devices such as

relays and sensors to control machines or production lines. For instance, a cutting ma-

chine controlled by a PLC most likely needs couple sensors to collect important infor-

mation from the machine. This requires the machine user to purchase at least an input

module. Input modules consist of certain amount of inputs from 4 to 16 or even more,

depending on the vendor. So, if the machine user needs 2 inputs, but the vendors only

offer input modules with 4, 8 or 16 inputs, the machine user needs to pay for more inputs

than he needs. This is just one example, but especially in huge factories, where many

machines and production lines need to be controlled, the customers pay for more than

what they actually need. The current demands force the product vendors to develop their

products to be more agile and fit better to the needs of the customers. A good definition

for an app was found from WhatIs.com: “An application is a software program that’s

designed to perform a specific function directly for the user or, in some cases, for another

application program” [87]. So if a PLC could be replaced by an ALC that would provide

the user only the functions that the user needs, wouldn’t that be a perfect solution to re-

spond to the market demands?

ALC is a promising approach especially for ICSs, both for customers and for vendors.

Concept of Field Device App introduced by Syed Shiraz Gilani, Tim Tack, Holger Flatt

and Jürgen Jasperneite [88] demonstrates one ALC approach. This concept introduces

two scenarios in which the Field Device App could be used: “Providing field device func-

tionality through an app” and “Enhancing a device with additional functionality through

an app”. The first scenario’s procedure starts from finding and installing the app to the

execution of the app. The second scenario begins with reconfiguring the field device,

which is followed by finding, installing and executing the app. To explain the function-

ality of the Field Device App in other words, the field device functionality is provided by

43

a software product installed from an “App Distribution Platform”. The app is (or apps

are) then executed in reconfigurable field devices by the machine user.

There are also others who are interested in the concept. Maarten Ectors introduced the

ALC concept in October 2016 [89], listed its benefits and actually developed a prototype

[90]. ALC introduced by Ectors would consist of two processors: a micro-controller that

would take care of the logic execution and a typical mobile phone processor that would

manage everything else from updating the logic on the micro-controller to system moni-

toring. Ectors states three advantages that ALC has over a standard PLC: it is a cheaper

solution, it will be easier to program and it will be revenue generating for customers.

Bosch Rexroth has introduced an ALC at Embedded World Nuremberg at the Ubuntu

stand in March in 2017 [91]. Kunbus has worked on the concept as well by developing

Revolution Pi which is based on apps called snaps [92]. The Kunbus has already a quick

start guide and video tutorials online [93]. Revolution Pi is based on Raspberry Pi and it

is open source. There’s also Controllino [94], which is a step towards ALC. Controllino

is based on Arduino Open Source Software Technology and it is freely programmable

controller. There are few different models of Controllino already available and the same

programming platform (Arduino IDE) than for Arduino can be used.

So, to sum up the ALC, it is a controller that can be reconfigured any time by downloading

apps from a platform such as Google Play Store. It is an approach that would improve the

modularity and scalability of ICSs. The customer would be able to use just the functions

that the customer needs and there would be no extra costs for some functionality that

customer doesn’t need. The approach is really innovative: there could be a specific app

store for Industry, where programmers could upload their apps. If ALC would be a phys-

ical hardware, then it would have a processor or two that have their limits of course. If a

reliable and performant PLC virtualization solution can be developed, perhaps ALC could

be a software product. In that case the virtualization benefits could be also utilized.

44

REFERENCES

[1] Schneider Electric. 2005. Schneider Electric, 170 years of history. Accessed

02.06.2017. http://www.schneider-electric.co.cr/documents/empresa/se_his-

tory_brands_march2005.pdf

[2] Schneider Electric. 2016. Schneider Electric. Accessed 02.06.2017.

http://www.schneider-electric.com

[3] i-SCOOP. Copyright 2016-2020. Industry 4.0: the fourth industrial revolution –

guide to Industrie 4.0. Accessed 09.06.2017. https://www.i-scoop.eu/industry-4-0/

[4] Wikipedia. 2017. Industrial Revolution. Accessed 09.06.2017. https://en.wikipe-

dia.org/wiki/Industrial_Revolution

[5] Wikipedia. 2017. Industry 4.0. Accessed 09.06.2017. https://en.wikipe-

dia.org/wiki/Industry_4.0

[6] TechTarget. 2015. Industrial Internet of Things (IIoT). Accessed 09.06.2017.

http://internetofthingsagenda.techtarget.com/definition/Industrial-Internet-of-Things-

IIoT

[7] i-SCOOP. Copyright 2016-2020. Industrial Internet of Things (IIoT): definition,

benefits, standards and evolutions. Accessed 09.06.2017. https://www.i-scoop.eu/inter-

net-of-things-guide/industrial-internet-things-iiot-saving-costs-innovation/

[8] Vanessa Romero Segovia and Alfred Theorin. 15.06.2012. History of Control, His-

tory of PLC and DCS.

[9] Wind River Systems, Inc. 2017. Open, Secure Industrial Automation Systems.

[10] Germany Trade and Invest. 2017. Cyber-physical systems. Accessed 13.06.2017.

http://industrie4.0.gtai.de/INDUSTRIE40/Navigation/EN/Topics/The-internet-of-

things/cyber-physical-systems,t=cyberphysical-systems,did=1201724.html

[11] TechTarget. 2014. Service-oriented architecture (SOA). Accessed 13.06.2017.

http://searchmicroservices.techtarget.com/definition/service-oriented-architecture-SOA

[12] QuinStreet Inc. 2017. COTS - commercial off-the-shelf. Accessed 13.06.2017.

http://www.webopedia.com/TERM/C/COTS.html

[13] Michael Wahler, Thomas Gamer, Atul Kumar, Manuel Oriol. 2015. FASA: A Soft-

ware Architecture and Runtime Framework for Flexible Distributed Automation Sys-

tems.

[14] Modulus. 2015. Software-defined architecture taking web scale to the next level in

the cloud.

[15] CFE Media. 2006. What is a smart sensor? Accessed 14.06.2017. http://www.con-

troleng.com/single-article/what-is-a-smart-sen-

sor/014bc5b589f4b6a1bfc6f874fc3ecfe4.html

45

[16] AssetPoint. 2015. TabWare Predictive Maintenance Management (PdM). Accessed

14.06.2017. http://www.assetpoint.com/capabilities/eam-predictive-maintenance-cmms/

[17] Puppet. 2017. DevOps. Accessed 14.06.2017. https://puppet.com/solutions/devops

[18] MediaOps, LLC. 2015. What Do Containers Have to Do with DevOps, Anyway?

Accessed 14.06.2017. http://containerjournal.com/2017/01/11/containers-devops-any-

way/

[19] Dell EMC World. 2015. DevOps, Containers and Microservices: Buzzwords or

Fundamental to Survival? Accessed 14.06.2017.

https://www.youtube.com/watch?v=ivHVUTWRmxs

[20] Wikipedia. 2017. DevOps. Accessed 14.06.2017. https://en.wikipe-

dia.org/wiki/DevOps

[21] Golden B. 2007. Virtualization for dummies. John Wiley & Sons.

[22] VMware, Inc. 2007. Understanding Full Virtualization, Paravirtualization and

Hardware Assisted Virtualization.

[23] Hyungro Lee. 2015. Virtualization Basics: Understanding Techniques and Funda-

mentals.

[24] Virtualization Softwares. 2011. What is…? Accessed 14.06.2017. http://www.vir-

tualizationsoftwares.com/virtualization-article/

[25] Wikipedia. 2017. Xen. Accessed 14.06.2017. https://en.wikipedia.org/wiki/Xen

[26] Docker Inc. 2017. What is a Container. Accessed 14.06.2017.

https://www.docker.com/what-container

[27] TechTarget. 2017. Container vs. VM: What's the difference? Accessed 14.06.2017.

http://searchservervirtualization.techtarget.com/answer/Containers-vs-VMs-Whats-the-

difference

[28] TechTarget. 2016. Containerization (container-based virtualization). Accessed

14.06.2017. http://searchservervirtualization.techtarget.com/definition/container-based-

virtualization-operating-system-level-virtualization

[29] IDG Communications, Inc. 2017. What are containers and why do you need them?

Accessed 14.06.2017. http://www.cio.com/article/2924995/software/what-are-contain-

ers-and-why-do-you-need-them.html

[30] Docker Inc. 2017. About Docker Engine. Accessed 14.06.2017.

https://docs.docker.com/engine/

[31] Extension Media, Kim Hartman, TenAsys Corporation. 2017. Embedded Virtual-

ization — the key to Real-time Determinism in Multi-OS Systems. Accessed

16.06.2017. http://www.embeddedintel.com/technology_applications.php?article=1830

46

[32] IBM, M. Jones. 2011. Virtualization for embedded systems. Accessed 16.06.2017.

https://www.ibm.com/developerworks/library/l-embedded-virtualization/index.html

[33] Curt Schwaderer. 2014. Embedded virtualization: Latest trends and techniques. Ac-

cessed 16.06.2017. http://embedded-computing.com/articles/embedded-virtualization-

latest-trends-techniques/

[34] SMC International Training. 2017. Automation pyramid. Accessed 19.06.2017.

http://www.smctraining.com/en/webpage/indexpage/312

[35] QuinStreet Inc. 2017. SCADA - supervisory control and data acquisition. Accessed

19.06.2017. http://www.webopedia.com/TERM/S/SCADA.html

[36] Inductive Automation. 2017. What is SCADA? Accessed 19.06.2017. https://in-

ductiveautomation.com/what-is-scada

[37] TechTarget. 2010. Manufacturing execution system (MES). Accessed 19.06.2017.

http://searchmanufacturingerp.techtarget.com/definition/manufacturing-execution-sys-

tem-MES

[38] Wikipedia. 2017. Enterprise resource planning. Accessed 19.06.2017.

https://en.wikipedia.org/wiki/Enterprise_resource_planning

[39] symestic GmbH. 2017. Industry 4.0 and MES. Accessed 19.06.2017.

http://www.symestic.com/en/industry-4-0.html

[40] Zumbach Electronic AG. 2017. OPC UA - Overview. Accessed 19.06.2017.

http://www.zumbach.com/products/product-finder/opc-ua/opc-ua-overwiew.html

[41] Contact and Coil, Scott Whitlock. 2015. TwinCAT 3 Tutorial: Multiple Virtual

PLCs. Accessed 21.06.2017. http://www.contactandcoil.com/twincat-3-tutorial/multi-

ple-virtual-plcs/

[42] TenAsys Corporation. 2010. Embedded Virtualization - The Key to Real-time De-

terminism. Accessed 22.06.2017. http://www.tenasys.com/index.php/embedded-virtual-

ization-technology

[43] Innovasic, Inc. 2013. PLCs vs. industrial PCs for automation today, part 1. Ac-

cessed 23.06.2017. http://www.innovasic.com/news/industrial-ethernet/plcs-vs-indus-

trial-pcs-for-automation-today-part-1/

[44] Bosch Rexroth Corporation. 2011. PC vs. PLC: key factors in comparing control

options. Accessed 23.06.2017. https://www.automation.com/pdf_arti-

cles/Rexroth_PLCvsPC_L.pdf

[45] PMMI Media Group. 2017. Industry 4.0 Meets the Internet of Things. Accessed

23.06.2017. https://www.automationworld.com/article/topics/industrial-internet-

things/industry-40-meets-internet-things

[46] Control Design, Paul Commisso. 2015. Industrial Ethernet and Multi-Core Tech-

nology. Accessed 23.06.2017. http://www.controldesign.com/articles/2015/industrial-

ethernet-and-multi-core-technology/?show=all

47

[47] Wikipedia. 2017. Hypervisor. Accessed 01.07.2017. https://en.wikipe-

dia.org/wiki/Hypervisor

[48] Wikipedia. 2017. Virtual Machine. Accessed 01.07.2017. https://en.wikipe-

dia.org/wiki/Virtual_machine

[49] Purch, Sara Angeles. 2014. The Pros and Cons of Virtualization. Accessed

01.07.2017. http://www.businessnewsdaily.com/6014-pros-cons-virtualization.html

[50] Cross Company, David Ward. 2015. The Pros and Cons of Virtualizing a Control

System. Accessed 01.07.2017. https://innovativecontrols.com/blog/pros-and-cons-virtu-

alizing-control-system

[51] TechTarget. 2010. What's the difference between Type 1 and Type 2 hypervisors?

Accessed 01.07.2017. http://searchservervirtualization.techtarget.com/feature/Whats-

the-difference-between-Type-1-and-Type-2-hypervisors

[52] Computer Performance LTD, Guy Thomas. Copyright 1999-2017. Windows 8 Hy-

per-Visor. Accessed 01.07.2017. http://www.computerperformance.co.uk/win8/win-

dows8-hyper-v.htm

[53] TechTarget. 2014. Backup and disaster recovery in the age of virtualisation. Ac-

cessed 01.07.2017. http://www.computerweekly.com/feature/Backup-and-disaster-re-

covery-in-the-age-of-virtualisation

[54] Red Hat, Inc. 2017. What is migration? Accessed 01.07.2017. https://docs.fedo-

raproject.org/en-US/Fedora/19/html/Virtualization_Getting_Started_Guide/sec-migra-

tion.html

[55] VMware Cloud-Native. 2017. What is a Container? Accessed 03.07.2017.

https://www.youtube.com/watch?v=EnJ7qX9fkcU

[56] Wikipedia. 2017. Operating-system-level virtualization. Accessed 03.07.2017.

https://en.wikipedia.org/wiki/Operating-system-level_virtualization

[57] flow.ci. 2016. Introduction to Containers: Concept, Pros and Cons, Orchestration,

Docker, and Other Alternatives. Accessed 03.07.2017. https://medium.com/flow-ci/in-

troduction-to-containers-concept-pros-and-cons-orchestration-docker-and-other-alterna-

tives-9a2f1b61132c

[58] Michael Eder. 2016. Hypervisor- vs. Container-based Virtualization.

[59] Alexandru Moga, Thanikesavan Sivanthi, Carsten Franke. 2016. OS-Level Virtual-

ization for Industrial Automation Systems: Are We There Yet?

[60] Asad Javed. 2015. Linux Containers: An Emerging Cloud Technology.

[61] Docker Inc. 2017. Docker. Accessed 03.07.2017. https://www.docker.com/

[62] Wikipedia. 2017. Software as a service. Accessed 03.07.2017. https://en.wikipe-

dia.org/wiki/Software_as_a_service

48

[63] Wikipedia. 2017. Microservices. Accessed 03.07.2017. https://en.wikipe-

dia.org/wiki/Microservices

[64] Martin Fowler. 2014. Microservices. Accessed 03.07.2017. https://martin-

fowler.com/articles/microservices.html

[65] Open Networking Foundation. 2017. Software-Defined Networking (SDN) Defini-

tion. Accessed 04.07.2017. https://www.opennetworking.org/sdn-resources/sdn-defini-

tion

[66] Ingram Micro. 2017. 5 Differences Between SDN and Network Functions Virtual-

ization. Accessed 04.07.2017. http://www.ingrammicroadvisor.com/data-center/5-dif-

ferences-between-sdn-and-network-functions-virtualization

[67] Sanjeev Palamand. 2014. Traditional Networking v/s SDN. Accessed 04.07.2017.

https://www.youtube.com/watch?v=TPmvEnLr08g

[68] Cedric Vandendriessche. 2017. PLC virtualization for an agile Industry 4.0 compli-

ant distributed system.

[69] Schneider Electric. 2016. SoMachine. Accessed 24.07.2017. http://www.schneider-

electric.com/en/product-range-presentation/2226-somachine/

[70] 3S-Smart Software Solutions GmbH. 2017. CODESYS. https://www.codesys.com/

[71] JS Foundation. 2014. Node-RED. Accessed 24.07.2017. https://nodered.org/

[72] Thiago Rodrigues Alves. 2015. OpenPLC. Accessed 24.07.2017. http://www.open-

plcproject.com/

[73] Wikipedia. 2017. Modbus. Accessed 27.07.2017. https://en.wikipe-

dia.org/wiki/Modbus

[74] Acromag, Inc. 2005. Introduction to Modbus TCP/IP. https://www.prosoft-

technology.com/kb/assets/intro_modbustcp.pdf

[75] KVM. 2016. Main Page. Accessed 03.08.2017. https://www.linux-

kvm.org/page/Main_Page

[76] WordPress; Sriram Subramanian. 2017. Blogs about Cloud, Virtualization and eve-

rything else under the sun. Accessed 03.08.2017. http://www.in-

nervoice.in/blogs/2014/03/10/kvm-and-qemu/

[77] Tcpdump/Libcap. 2017. Tcpdump & Libcap. Accessed 04.08.2017.

http://www.tcpdump.org/

[78] Wireshark. 2017. Wireshark. Accessed 04.08.2017. https://www.wireshark.org/

[79] Docker. 2017. Docker network create. Accessed 04.08.2017.

https://docs.docker.com/engine/reference/commandline/network_create/#extended-

description

49

[80] GitHub, Inc. 2017. Linux-based partitioning hypervisor. Accessed 04.08.2017.

https://github.com/siemens/jailhouse

[81] Xen Project, A Linux Foundation Collaborative Project. 2013. Xen Project. Ac-

cessed 04.08.2017. https://www.xenproject.org/

[82] DigitalOcean Inc; Brian Boucheron. 2016. How to Connect Your Internet of

Things with Node-RED on Ubuntu 16.04. Accessed 04.08.2017. https://www.digital-

ocean.com/community/tutorials/how-to-connect-your-internet-of-things-with-node-red-

on-ubuntu-16-04

[83] Thiago Rodrigues Alves. 2015. Linux. Accessed 04.08.2017. http://www.open-

plcproject.com/getting-started-linux

[84] LinuxConfig.org; Lubos Rendek. 2016. How to install Node.js on Ubuntu 16.04

Xenial Xerus Linux server. Accessed 04.08.2017. https://linuxconfig.org/how-to-install-

node-js-on-ubuntu-16-04-xenial-xerus-linux-server

[85] GitHub, Inc. 2016. Node-red-contrib-modbus. Accessed 04.08.2017.

https://github.com/biancode/node-red-contrib-modbus

[86] GitHub, Inc. 2017. Node-red-contrib-openplc. Accessed 05.08.2017.

https://github.com/SkyTrix/node-red-contrib-openplc

[87] TechTarget. 2011. App. Accessed 08.08.2017. http://searchmobilecomputing.tech-

target.com/definition/app

[88] Syed Shiraz Gilani, Tim Tack, Holger Flatt, Jürgen Jasperneite. 2014. An App-

Based Approach for Reconfigurable Field Devices.

[89] LinkedIn Corporation; Maarten Ectors. 2016. How ALCs will disrupt the PLC

market... Accessed 08.08.2017. https://www.linkedin.com/pulse/how-alcs-disrupt-plc-

market-maarten-ectors?lipi=urn%3Ali%3Apage%3Ad_flagship3_search_srp_con-

tent%3BHeWXon%2FdTDKK7%2BEecsQUyw%3D%3D&licu=urn%3Ali%3Acon-

trol%3Ad_flagship3_search_srp_content-object

[90] LinkedIn Corporation; Maarten Ectors. 2016. The first App Logic Controller

(ALC) Prototype is here... Accessed 08.08.2017. https://www.linkedin.com/pulse/first-

app-logic-controller-alc-prototype-here-maarten-ec-

tors?lipi=urn%3Ali%3Apage%3Ad_flagship3_search_srp_con-

tent%3BHeWXon%2FdTDKK7%2BEecsQUyw%3D%3D&licu=urn%3Ali%3Acon-

trol%3Ad_flagship3_search_srp_content-object

[91] LinkedIn Corporation; Maarten Ectors. 2017. How Bosch Rexroth is out-innovat-

ing the PLC market... Accessed 08.08.2017. https://www.linkedin.com/pulse/how-

bosch-rexroth-out-innovating-plc-market-maarten-ec-

tors?lipi=urn%3Ali%3Apage%3Ad_flagship3_search_srp_con-

tent%3BHeWXon%2FdTDKK7%2BEecsQUyw%3D%3D&licu=urn%3Ali%3Acon-

trol%3Ad_flagship3_search_srp_content-object

50

[92] LinkedIn Corporation; Maarten Ectors. 2017. App Store for PLC – ALC Part 2 –

industrial-ready Revolution Pi. Accessed 08.08.2017.

https://www.linkedin.com/pulse/app-store-plc-alc-part-2-industrial-ready-pi-maarten-

ectors

[93] KUNBUS GmbH. 2016. Revolution Pi. Accessed 08.08.2017. https://revolu-

tion.kunbus.com/

[94] CONELCOM GmbH. 2017. Controllino. Accessed 08.08.2017. http://control-

lino.biz/

[95] Omid Givehchi, Jahanzaib Imtiaz, Henning Trsek and Juergen Jasperneite. 2014.

Control-as-a-Service from the Cloud: A Case Study for using Virtualized PLCs.

[96] Tiago Cruz, Paulo Simoes and Edmundo Monteiro. 2016. Virtualizing Programma-

ble Logic Controllers: Toward a Convergent Approach.

51

APPENDICES

Attachment 1. Response time – Without virtualization

0

10

20

30

40

1 9

17

25

33

41

49

57

65

73

81

89

97

10

5

11

3

12

1

12

9

13

7

14

5

15

3

16

1

16

9

17

7

18

5

19

3

20

1

20

9

21

7

22

5

23

3

Late

ncy

(m

s)

Response time - Without virtualization - 1 vPLC - 10ms polling rate

10

0

20

40

60

1 9

17

25

33

41

49

57

65

73

81

89

97

10

5

11

3

12

1

12

9

13

7

14

5

15

3

16

1

16

9

17

7

18

5

19

3

20

1

20

9

21

7

22

5

23

3

Late

ncy

(m

s)

Response time - Without virtualization - 1 vPLC - 50ms polling rate

50

0

10

20

30

40

1 9

17

25

33

41

49

57

65

73

81

89

97

10

5

11

3

12

1

12

9

13

7

14

5

15

3

16

1

16

9

17

7

18

5

19

3

20

1

20

9

21

7

22

5

23

3

Late

ncy

(m

s)

Response time - Without virtualization - 1 vPLC - 500ms polling rate

500

52

Attachment 2. Response time - Docker

0

10

20

30

1 9

17

25

33

41

49

57

65

73

81

89

97

10

5

11

3

12

1

12

9

13

7

14

5

15

3

16

1

16

9

17

7

18

5

19

3

20

1

20

9

21

7

22

5

23

3

Late

ncy

(m

s)

Response time - Containerization - 1 vPLC - 10ms polling rate

10

0

20

40

60

1 9

17

25

33

41

49

57

65

73

81

89

97

10

5

11

3

12

1

12

9

13

7

14

5

15

3

16

1

16

9

17

7

18

5

19

3

20

1

20

9

21

7

22

5

23

3

Late

ncy

(m

s)

Response time - Containerization - 1 vPLC - 50ms polling rate

50

0

200

400

600

1 9

17

25

33

41

49

57

65

73

81

89

97

10

5

11

3

12

1

12

9

13

7

14

5

15

3

16

1

16

9

17

7

18

5

19

3

20

1

20

9

21

7

22

5

23

3

Late

ncy

(m

s)

Response time - Containerization - 1 vPLC - 500ms polling rate

500

53

Attachment 3. Response time - KVM

0

10

20

30

40

501 9

17

25

33

41

49

57

65

73

81

89

97

10

5

11

3

12

1

12

9

13

7

14

5

15

3

16

1

16

9

17

7

18

5

19

3

20

1

20

9

21

7

22

5

23

3

Late

ncy

(m

s)Response time - KVM - 1 vPLC - 10ms polling rate

10

0

20

40

60

80

1 9

17

25

33

41

49

57

65

73

81

89

97

10

5

11

3

12

1

12

9

13

7

14

5

15

3

16

1

16

9

17

7

18

5

19

3

20

1

20

9

21

7

22

5

23

3

Late

ncy

(m

s)

Response time - KVM - 1 vPLC - 50ms polling rate

50

0

200

400

600

1 9

17

25

33

41

49

57

65

73

81

89

97

10

5

11

3

12

1

12

9

13

7

14

5

15

3

16

1

16

9

17

7

18

5

19

3

20

1

20

9

21

7

22

5

23

3

Late

ncy

(m

s)

Response time - KVM - 1 vPLC - 500ms polling rate

500